Skip to content

Remove *_child variants of pre_exec/post_exec hooks #3817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
0xmuon wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Remove *_child variants of pre_exec/post_exec hooks #3817

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c5ca2ef
restore pre/post observer hooks after dedup
0xmuon Apr 23, 2026
2dc3a67
remove all _child variants of pre_exec/post_exec
0xmuon Apr 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 18 additions & 14 deletions crates/libafl/src/executors/command.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -388,7 +388,6 @@ where
) -> Result<ExitKind, Error> {
use wait_timeout::ChildExt;

self.observers_mut().pre_exec_all(state, input)?;
Copy link
Copy Markdown
Member

@addisoncrump addisoncrump Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... was this ever correct? I presume this is meant to be pre_exec_child_all, but has the same problem as the other region I highlighted.

*state.executions_mut() += 1;
let mut child = self
.configurator
Expand Down Expand Up @@ -427,8 +426,6 @@ where
self.observers_mut().index_mut(&stdout_handle).observe(buf);
}

self.observers_mut()
.post_exec_child_all(state, input, &exit_kind)?;
Ok(exit_kind)
}
}
Expand Down Expand Up @@ -484,8 +481,8 @@ where
/// Linux specific low level implementation, to directly handle `fork`, `exec` and use linux
/// `ptrace`
///
/// Hooks' `pre_exec` and observers' `pre_exec_child` are called with the child process stopped
/// just before the `exec` return (after forking).
/// Hooks' `pre_exec` is called with the child process stopped just before the `exec` return
/// (after forking).
fn run_target(
&mut self,
fuzzer: &mut Z,
Expand Down Expand Up @@ -519,7 +516,6 @@ where
)));
}

self.observers.pre_exec_child_all(state, input)?;
if *state.executions() == 1 {
self.hooks.init_all(state);
}
Expand All @@ -546,7 +542,6 @@ where
};

self.hooks.post_exec_all(state, input);
self.observers.post_exec_child_all(state, input, &res)?;
Ok(res)
}
}
Expand Down Expand Up @@ -898,7 +893,10 @@ mod tests {
state::NopState,
};
#[cfg(unix)]
use crate::{executors::StdChildArgs, observers::StdOutObserver};
use crate::{
executors::{HasObservers, StdChildArgs},
observers::{ObserversTuple, StdOutObserver},
};

#[test]
#[cfg_attr(miri, ignore)]
Expand Down Expand Up @@ -944,13 +942,19 @@ mod tests {
let mut executor = executor.unwrap();

let mut fuzzer: NopFuzzer = NopFuzzer::new();
let mut state = NopState::<NopInput>::new();
let input = BytesInput::new(b".".to_vec());

executor
.run_target(
&mut fuzzer,
&mut NopState::<NopInput>::new(),
&mut mgr,
&BytesInput::new(b".".to_vec()),
)
.observers_mut()
.pre_exec_all(&mut state, &input)
.unwrap();
let exit_kind = executor
.run_target(&mut fuzzer, &mut state, &mut mgr, &input)
.unwrap();
executor
.observers_mut()
.post_exec_all(&mut state, &input, &exit_kind)
.unwrap();

assert!(executor.observers.0.output.is_some());
Expand Down
14 changes: 0 additions & 14 deletions crates/libafl/src/executors/differential.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -168,20 +168,6 @@ where
) -> Result<(), Error> {
self.differential.post_exec_all(state, input, exit_kind)
}

fn pre_exec_child_all(&mut self, state: &mut S, input: &I) -> Result<(), Error> {
self.differential.pre_exec_child_all(state, input)
}

fn post_exec_child_all(
&mut self,
state: &mut S,
input: &I,
exit_kind: &ExitKind,
) -> Result<(), Error> {
self.differential
.post_exec_child_all(state, input, exit_kind)
}
}

impl<A, B, DOT> Deref for ProxyObserversTuple<A, B, DOT> {
Expand Down
3 changes: 0 additions & 3 deletions crates/libafl/src/executors/forkserver.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1534,10 +1534,7 @@ where
input: &I,
) -> Result<ExitKind, Error> {
let bytes = fuzzer.convert_to_target_bytes(state, input);
self.observers_mut().pre_exec_child_all(state, input)?;
let exit = self.execute_input(state, bytes.as_slice())?;
self.observers_mut()
.post_exec_child_all(state, input, &exit)?;
Comment on lines -1537 to -1540
Copy link
Copy Markdown
Member

@addisoncrump addisoncrump Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is also not correct; pre_ and post_exec_child is to be executed by the child. However, the original code also appears to be wrong because this code gets executed in the parent. @domenukk / @tokatoka / @andreafioraldi, can you give indication here as to the intended behaviour?

Ok(exit)
}
}
Expand Down
6 changes: 3 additions & 3 deletions crates/libafl/src/executors/inprocess_fork/inner.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,8 +124,8 @@ where
self.hooks.pre_exec_all(state, input);

self.observers
.pre_exec_child_all(state, input)
.expect("Failed to run post_exec on observers");
.pre_exec_all(state, input)
.expect("Failed to run pre_exec on observers");

#[cfg(target_os = "linux")]
{
Expand Down Expand Up @@ -156,7 +156,7 @@ where
) {
unsafe {
self.observers
.post_exec_child_all(state, input, &ExitKind::Ok)
.post_exec_all(state, input, &ExitKind::Ok)
.expect("Failed to run post_exec on observers");

self.hooks.post_exec_all(state, input);
Expand Down
8 changes: 4 additions & 4 deletions crates/libafl/src/executors/inprocess_fork/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -217,7 +217,7 @@ pub mod child_signal_handlers {
observers::ObserversTuple,
};

/// invokes the `post_exec_child` hook on all observer in case the child process panics
/// invokes the `post_exec` hook on all observer in case the child process panics
pub fn setup_child_panic_hook<E, I, S>()
where
E: HasObservers,
Expand All @@ -234,7 +234,7 @@ pub mod child_signal_handlers {
// Invalidate data to not execute again the observer hooks in the crash handler
let input = (*data).take_current_input::<I>();
observers
.post_exec_child_all(state, input, &ExitKind::Crash)
.post_exec_all(state, input, &ExitKind::Crash)
.expect("Failed to run post_exec on observers");

// std::process::abort();
Expand Down Expand Up @@ -266,7 +266,7 @@ pub mod child_signal_handlers {
let state = data.state_mut::<S>();
let input = data.take_current_input::<I>();
observers
.post_exec_child_all(state, input, &ExitKind::Crash)
.post_exec_all(state, input, &ExitKind::Crash)
.expect("Failed to run post_exec on observers");
}

Expand All @@ -292,7 +292,7 @@ pub mod child_signal_handlers {
let state = data.state_mut::<S>();
let input = data.take_current_input::<I>();
observers
.post_exec_child_all(state, input, &ExitKind::Timeout)
.post_exec_all(state, input, &ExitKind::Timeout)
.expect("Failed to run post_exec on observers");
}
libc::_exit(128 + (_signal as i32));
Expand Down
30 changes: 0 additions & 30 deletions crates/libafl/src/observers/map/hitcount_map.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,21 +134,6 @@ where
classify_counts(&mut self.as_slice_mut());
self.base.post_exec(state, input, exit_kind)
}

#[inline]
fn pre_exec_child(&mut self, state: &mut S, input: &I) -> Result<(), Error> {
self.base.pre_exec_child(state, input)
}

#[inline]
fn post_exec_child(
&mut self,
state: &mut S,
input: &I,
exit_kind: &ExitKind,
) -> Result<(), Error> {
self.base.post_exec_child(state, input, exit_kind)
}
}

impl<M> Named for HitcountsMapObserver<M>
Expand Down Expand Up @@ -370,21 +355,6 @@ where

self.base.post_exec(state, input, exit_kind)
}

#[inline]
fn pre_exec_child(&mut self, state: &mut S, input: &I) -> Result<(), Error> {
self.base.pre_exec_child(state, input)
}

#[inline]
fn post_exec_child(
&mut self,
state: &mut S,
input: &I,
exit_kind: &ExitKind,
) -> Result<(), Error> {
self.base.post_exec_child(state, input, exit_kind)
}
}

impl<M> Named for HitcountsIterableMapObserver<M>
Expand Down
13 changes: 0 additions & 13 deletions crates/libafl/src/observers/map/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,19 +150,6 @@ where
fn post_exec(&mut self, state: &mut S, input: &I, exit_kind: &ExitKind) -> Result<(), Error> {
self.0.post_exec(state, input, exit_kind)
}

fn pre_exec_child(&mut self, state: &mut S, input: &I) -> Result<(), Error> {
self.0.pre_exec_child(state, input)
}

fn post_exec_child(
&mut self,
state: &mut S,
input: &I,
exit_kind: &ExitKind,
) -> Result<(), Error> {
self.0.post_exec_child(state, input, exit_kind)
}
}

impl<T, OTA, OTB, I, S, const ITH: bool, const NTH: bool> DifferentialObserver<OTA, OTB, I, S>
Expand Down
56 changes: 0 additions & 56 deletions crates/libafl/src/observers/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,23 +60,6 @@ pub trait Observer<I, S>: Named {
) -> Result<(), Error> {
Ok(())
}

/// Called right before execution starts in the child process, if any.
#[inline]
fn pre_exec_child(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
Ok(())
}

/// Called right after execution finishes in the child process, if any.
#[inline]
fn post_exec_child(
&mut self,
_state: &mut S,
_input: &I,
_exit_kind: &ExitKind,
) -> Result<(), Error> {
Ok(())
}
}

/// A haskell-style tuple of observers
Expand All @@ -91,17 +74,6 @@ pub trait ObserversTuple<I, S>: MatchName {
input: &I,
exit_kind: &ExitKind,
) -> Result<(), Error>;

/// This is called right before the next execution in the child process, if any.
fn pre_exec_child_all(&mut self, state: &mut S, input: &I) -> Result<(), Error>;

/// This is called right after the last execution in the child process, if any.
fn post_exec_child_all(
&mut self,
state: &mut S,
input: &I,
exit_kind: &ExitKind,
) -> Result<(), Error>;
}

impl<I, S> ObserversTuple<I, S> for () {
Expand All @@ -117,19 +89,6 @@ impl<I, S> ObserversTuple<I, S> for () {
) -> Result<(), Error> {
Ok(())
}

fn pre_exec_child_all(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
Ok(())
}

fn post_exec_child_all(
&mut self,
_state: &mut S,
_input: &I,
_exit_kind: &ExitKind,
) -> Result<(), Error> {
Ok(())
}
}

impl<Head, Tail, I, S> ObserversTuple<I, S> for (Head, Tail)
Expand All @@ -151,21 +110,6 @@ where
self.0.post_exec(state, input, exit_kind)?;
self.1.post_exec_all(state, input, exit_kind)
}

fn pre_exec_child_all(&mut self, state: &mut S, input: &I) -> Result<(), Error> {
self.0.pre_exec_child(state, input)?;
self.1.pre_exec_child_all(state, input)
}

fn post_exec_child_all(
&mut self,
state: &mut S,
input: &I,
exit_kind: &ExitKind,
) -> Result<(), Error> {
self.0.post_exec_child(state, input, exit_kind)?;
self.1.post_exec_child_all(state, input, exit_kind)
}
}

/// A trait for [`Observer`]`s` with a hash field
Expand Down
9 changes: 0 additions & 9 deletions crates/libafl/src/observers/stacktrace.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -228,15 +228,6 @@ impl<I, S> Observer<I, S> for BacktraceObserver<'_> {
}
Ok(())
}

fn post_exec_child(
&mut self,
state: &mut S,
input: &I,
exit_kind: &ExitKind,
) -> Result<(), Error> {
self.post_exec(state, input, exit_kind)
}
}

impl Named for BacktraceObserver<'_> {
Expand Down
17 changes: 2 additions & 15 deletions crates/libafl/src/observers/stdio.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -292,19 +292,15 @@ impl<I, S, T> Observer<I, S> for OutputObserver<T>
where
T: 'static,
{
fn pre_exec_child(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
fn pre_exec(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
if let Some(file) = self.file.as_mut() {
file.seek(SeekFrom::Start(0))?;
}
self.output = None;
Ok(())
}

fn pre_exec(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
self.pre_exec_child(_state, _input)
}

fn post_exec_child(
fn post_exec(
&mut self,
_state: &mut S,
_input: &I,
Expand All @@ -324,15 +320,6 @@ where
}
Ok(())
}

fn post_exec(
&mut self,
_state: &mut S,
_input: &I,
_exit_kind: &crate::executors::ExitKind,
) -> Result<(), Error> {
self.post_exec_child(_state, _input, _exit_kind)
}
}

impl<T> AsRef<Self> for OutputObserver<T> {
Expand Down
13 changes: 0 additions & 13 deletions crates/libafl_targets/src/libfuzzer/observers/oom.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,19 +112,6 @@ impl<I, S> Observer<I, S> for OomObserver {
self.oomed = OOMED.load(Ordering::Relaxed);
Ok(())
}

fn pre_exec_child(&mut self, state: &mut S, input: &I) -> Result<(), Error> {
self.pre_exec(state, input)
}

fn post_exec_child(
&mut self,
state: &mut S,
input: &I,
exit_kind: &ExitKind,
) -> Result<(), Error> {
self.post_exec(state, input, exit_kind)
}
}

/// Feedback for the similarly named [`OomObserver`] to detect if the target crashed due to an observed OOM
Expand Down
Loading